Archive for the ‘Iran’ Category

Iran-based hackers targeting nuclear security experts through Mac … – The Record from Recorded Future News

Hackers supporting the government of Iran are targeting experts in Middle Eastern affairs and nuclear security in a new campaign that researchers said involved malware for both Apple and Microsoft products.

Cybersecurity experts from Proofpoint attributed the campaign to a group they call TA453, which is also known as Charming Kitten, Mint Sandstorm or APT42 and has previously been tied to the Islamic Revolutionary Guard Corps Intelligence Organization (IRGC-IO).

They found hackers pretending to be a senior fellow with the U.K. think tank the Royal United Services Institute (RUSI) while attempting to spread malware to a nuclear security expert at a U.S.-based think tank focused on foreign affairs.

The hackers continue to adapt the tools used during their attacks, deploying novel file types and targeting new operating systems, specifically sending Mac malware to one of its recent targets, Proofpoint said.

"TA453's capability and willingness to devote resources into new tooling to compromise its targets exemplifies the persistence of state-aligned cyber threats," said Joshua Miller, a senior threat researcher for the company.

"The threat actor's continued efforts to iterate their infection chains to bypass security controls demonstrate how important a strong community informed defense is to frustrate even the most advanced adversaries."

In a report published Thursday, Miller and other Proofpoint researchers explained that the group uses Google Scripts, Dropbox and CleverApps to disrupt the efforts of threat hunters.

The goal of the campaign is reconnaissance, with the hackers deploying several backdoors in victims' systems to gather intelligence.

The hackers were forced to shift their tactics in May after Microsoft made changes last year to a popular feature in its Office suite of apps. Past campaigns analyzed by Proofpoint saw the hackers use Microsoft's Visual Basic for Applications (VBA) macros to deploy malware, but the tech giant announced that it is now blocking the feature by default in a variety of Office apps to limit its use among hackers.

Proofpoint attributed the campaign to Iranian actors based on both direct code similarities and similarities in overall campaign tactics, techniques, and procedures. Two of the backdoors found in the campaign date back to ones seen in 2021.

The campaign began in May with an email to an expert from a hacker purporting to be a senior fellow with RUSI.

The email said the researchers were working on a project called "Iran in the Global Security Context" and were looking for feedback from experts. To bolster its legitimacy, the hackers said the project was being worked on by other well-known nuclear security experts. The attackers had previously sent emails masquerading as those people, too. The hackers even offered to pay the expert for their take on the document.

TA453 eventually used a variety of cloud hosting providers to deliver a novel infection chain that deploys the newly identified PowerShell backdoor GorjolEcho, the researchers said.

At one point the hackers realized that a malicious file would not run on the victim's Apple computer, so they sent another email with malware that would work on Mac operating systems.

Proofpoint said the likely goal is monitoring experts who are likely playing some role in the foreign policy positions taken by governments involved in the Joint Comprehensive Plan of Action (JCPOA) negotiations, known colloquially as the Iran nuclear agreement.

Proofpoint noted that its investigation into the campaign was assisted by Dropbox and HSBC Cyber Intelligence and Threat Analysis. Dropbox removed the accounts that were associated with the campaign after being notified by Proofpoint.

In April, Charming Kitten was accused of deploying a new strain of malware named BellaCiao against several victims in the U.S., Europe, India, Turkey and other countries.

Microsoft reported earlier this year that the same Iranian hacking group spent much of 2021 and 2022 directly targeting US critical infrastructure including seaports, energy companies, transit systems, and a major US utility and gas entity.

The increased aggression of Iranian threat actors appeared to correlate with other moves by the Iranian regime under a new national security apparatus, suggesting such groups are less bounded in their operations, Microsoft explained.

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.


Tsurkov’s fate will ultimately depend on Iran – JNS.org

(July 6, 2023 / JNS)

The abduction of Elizabeth Tsurkov is an achievement that Iran and its proxies can claim against Israel after a long streak of failures. Just recently its plot to target Israelis was thwarted in Cyprus. Israel's security agencies even managed to have the would-be perpetrator interrogated on Iranian soil.

But in Iraq, which has become Iran's backyard, such a plot was easier to carry out. Tsurkov, a Princeton scholar, was captured by the Shiite militia Kataib Hezbollah, which was formed by Iran's Quds Force. Now Iran has a bargaining chip for which it can demand a heavy price from Israel.

For quite some time now, the Iranians have been warning that they will avenge a string of assassinations attributed to Israel by foreign sources, including of several figures linked to its nuclear project. The most high-ranking of those officials was Mohsen Fakhrizadeh, the chief of Iran's military nuclear endeavors.

There is one ray of hope: The United States could use its clout with Iraq's government to secure the scholar's release. After all, she was there just so she could conduct research as part of her PhD dissertation. The United States still has troops in the country and, more importantly, leverage.

One example that attests to its influence was the United States issuing a waiver that would let Iraq hand over some $2.7 billion to Iran for various utility and gas bills.

But the Iraqi government is clearly pro-Iranian today. It is composed of a Shiite bloc that supports Tehran, and thus, it is unlikely that Iraqi Prime Minister Mohammed Shia al-Sudani would be keen to resolve this situation at the behest of Jerusalem.

Moreover, it is doubtful that Kataib Hezbollah would obey Iraq's central government in defiance of Iran. It was set up by Abu Mahdi al-Muhandis, who was assassinated in 2020 together with then-Quds Force Commander Qassem Suleimani.

The militia's stated goal is to rid the country of American forces. Striking a deal with the Americans, and over an Israeli woman, would create problematic optics for the group holding her. Thus ultimately, the ball lies in the Iranian court. The release could hinge on what Iran gets in return.

The fact that Tsurkov has been missing for several months is not a good omen. Kataib Hezbollah's track record is also not encouraging. Only three years ago, Hisham al-Hashimi, a leading researcher on pro-Iranian militias, was shot to death by two armed men. Let's hope Tsurkov is spared a similar fate.

Originally published in Israel Hayom.


US has military options for Iran nuclear threat – CENTCOM air force … – The Jerusalem Post

The US regularly updates its military options for threats from Iran's evolving nuclear facilities, US Lt. Gen. and CENTCOM Air Force Chief Alexus Grynkewich told The Jerusalem Post in an exclusive interview.

Israel also seeks regularly to gauge how much of a threat Iran's nuclear program presents and how much backing Jerusalem would have from the US if it needed to confront that threat with preemptive strikes. The Post asked the AFCENT chief whether the US military would continue to be able to potentially handle the threat from the Islamic Republic of Iran, despite the construction of a new, deep, underground nuclear facility at Natanz.

"You can assume we are keeping a very close eye on Iranian facilities out there, continuing our evaluation of what it means, what Iran is using it for, what options we might have for those facilities," Grynkewich said.

His comments were some of the most detailed to date in terms of the US regularly working on and updating military options including with respect to new Iranian moves.

Despite the impressive capabilities of the US military, Grynkewich was queried about the possibility that deterrence from Washington was not working. For example, in spite of US threats and capabilities, Tehran in the last two years has managed to move its nuclear program forward to enriching significant quantities of uranium to the very high 60% level, as well as having sufficient quantities of enriched uranium for around seven nuclear bombs if Iran chose to cross the nuclear threshold.

"When I talk about the deterrence of Iran, there are several different things we are attempting to deter, as a matter of the US position in the region. We're certainly trying to deter attacks on ourselves or any of our regional partners," he said.

He added that "There is an interplay of a couple of different things with respect to Iranian attacks on us," clarifying that now the US is trying to ensure that the Iranians understand that even though the US doesn't have the same amount of forces in the region as it had previously, "we can still bring those forces back very rapidly."

"That, I do think, contributes to the deterrent effect against Iran," he said.

Next, Grynkewich said the US deters Iran by ensuring the strength of its partnerships in the region.

"The partnership with Israel is of course extremely important to us," he said. "We have an ironclad commitment to Israeli security."

He also said that there are "a lot of our Arab partners in the region as well, where we intend to maintain a true partnership and not just a transactional relationship and stitch the region together in a more integrated fashion. The more we can do that, the more of a deterrent effect that has on Iran because they see that they are facing a unified front."

With respect to the nuclear program, Grynkewich was adamant: "Every recent president has said we will not allow Iran to get a nuclear weapon."

"Our job is to ensure that Iran does understand we can bring forces in here quickly to respond to any provocation. There are plenty of options on the table with respect to preventing Iran from getting a nuclear weapon. Our job is to ensure that the military options are well thought out and robust," the US general said.

One element that Grynkewich has emphasized in multiple public comments is Task Force 99's contribution to stability in the region, including confronting Iran. He discussed the role Task Force 99 could have in confronting Iran and other adversaries in the region. The AFCENT chief said that the use of drones had grown exponentially over the past several years, particularly one-way attack drones. He suggested that if there were one-way attack drones or something else of which we could have a fleet of a very large number of unmanned platforms, which are relatively inexpensive, it is possible that they could be used to impose dilemmas on our adversaries.

Questioned about which kind of drones he was contemplating tactically, including kamikaze drones, Grynkewich responded, "It could be a kamikaze version or it could be a non-kamikaze version. You know if you send a swarm of several hundred intelligence surveillance drones and reconnaissance drones somewhere, your adversary is going to have to react to it in some way, either to prevent the collection you're doing or to prevent an attack."

GRYNKEWICH HONED in on regional air defense, which Israel has publicly said it now has with Abraham Accords countries, and even some countries who have not yet joined the accords, without naming names.

"There is a requirement to share information, to share threat intelligence, to give point-outs if something is approaching from some axis. If there is a country that sees that, it should be willing to pick up the phone and call the country that it's a threat to."

Regarding different kinds of threats and communications between the regional air defense countries, he explained, "So, for a one-way attack UAV [unmanned aerial vehicle], that kind of sharing is really important. That works for UAVs, but it doesn't necessarily work for other kinds of threats that might be out there, like ballistic missiles," he said. "With missiles you have seconds of reaction time, as opposed to what could be minutes or even hours, depending on the length of a UAV flight."

And somewhere in between those two scenarios, he said, there is an air threat, but, he said, that's not a major concern.

"Although recently we have seen reporting on Iran potentially getting SU-35s [aircraft] from Russia. If that happens, that would become a larger concern for us as well. But all those kinds of threats are out there."

In fact, he said, if Tehran got SU-35s from Russia, it could alter the entire regional dynamics, though some of that would also depend on what armaments Moscow would provide and how long it would take the Iranians to train with the new aircraft.

"Cruise missiles are another one," he added, noting that information about the cruise missiles that Iran has in their own inventory, and some of their partners and proxies, was widely reported. And the aim was to be able to detect those and respond more quickly than phone calls.

"That is where we're trying to go," he said, "and that is where we require some sort of a digital connection. It can be something which enables human-to-human contact, just at a faster speed than a phone call, using a chat function or classified versions of that where we can share information quickly with a broad group of people."

He explained that "There are IP-based systems, which are not datalinks, kind of like using a signal on your phone, but think of that on a secret computer system." Such a system enables communication to remain flat and faster, he said.

"But really, if you get to Link 16 [a military communications network], if I can pass an actual threat track from one country to another, it enables nations to provide mutual defense of each other, if they have that understanding that they will defend each other in response to that threat," explained the air force commander.

"What we bring at AFCENT to this, is a way that information comes into one location, it can be fused, and then different countries are willing to share different qualities of information or different speeds of information," he said.

As to the various countries potentially involved in such information-sharing, Grynkewich said that some might not be willing to share information if the US was not in the middle. He called the US "a very useful place for information to come together."

The US can be the middleman, he said, between two or more countries. "If countries are willing to share, if there are three countries, we can help triangulate and correlate the data from say the radars that are picking up from whatever threat it is. And then send out one authoritative location of that threat entity to whichever the threatened country is."

ASKED ABOUT views that Iran had succeeded in moving advanced weapons to Lebanon and Gaza, while much of the world was distracted by the Iranian nuclear threat, Grynkewich answered by referring to the IDF. He said that he had "a tremendous amount of respect for the Israeli air force, and the Israeli defense forces." He told the Post that "Some of the best work I have seen is the interdiction work that your country's forces are able to execute when they stop the flow of those weapons. It's a very difficult problem to stop all of them, but I have a ton of respect for what they are able to do."

Regarding the broader picture of the nature of the Iranian threat, he answered: "All of the above."

"We are all very concerned about an Iran nuclear weapon," he said.

Yet, "On the military side, we are equally concerned about other asymmetric capabilities which the Iranians have ... The first are their air threats, including ballistic missiles, UAVs and cruise missiles. That's a very complex combination of capabilities."

And if Iran would have the will to use those kinds of weapons and use them against an undefended location, then Tehran could meticulously pick off wherever is least defended, since not all things can be equally defended.

"It is an asymmetric threat that we have to think about deterring," he said. "The other asymmetric capability that they have are their partners and proxies, which now when you pair that with the UAVs and ballistic missiles, and the proliferation of those to proxy groups, you end up having a 360-degree threat to almost every country in the region, where those partners and proxies operating in other countries besides Iran can come at you from different axes."

"Many of the countries here in the region have been attacked by the Iranians or by their proxies over the last three to four years," he said.

Grynkewich agreed with Israeli intelligence views that it was very plausible that Iran has used human catastrophes, like earthquake aid, to smuggle weapons to Syria.

DISCUSSING US-ISRAEL military relations and his personal connection to IDF Air Force Chief Maj. Gen. Tomer Bar, Grynkewich said: "We were just talking yesterday, exchanging text messages. Tomer and I are very close."

They have been working on building their relationship since July 2022, shortly after he took over. "I came a little after him. I tell you, I have got a lot of respect for him. He is a really good friend, a very serious, thoughtful leader."

Bar and Grynkewich enjoy flying together when the occasion permits. "I got to fly with Tomer in Israel." Asked who the main pilot in their joint flight was, he laughed, "He was the main pilot. But I would have gladly taken control of it ... We are trying to find the time to fly together again, maybe in separate aircrafts and a formation together ... I hope to do it in the coming months."

Of course, he said in private, there are a lot of smiles around airplanes... He has a good sense of humor very much like mine, being a little dry. Grynkewich said he had enjoyed hosting [Bar] in the US for a Red Flag [military drill] event.

In his previous job at US CENTCOM in Tampa, he said, he was fortunate to already have a very good relationship with IDF Maj. Gen. [Operations Command Chief] Oded Basiuk.

"In the course of my engagements over the two years," Grynkewich said, "I built up a fairly strong mutual understanding, with the key senior Israeli defense officials."

Looking back, he said, he first started visiting Israel "when I was at [the US's] European command, in the 2010s, around 2010-2012. I had seven or eight trips to Israel. At the time, we were working on defensive plans."

During flights with Israeli civilians at Ben-Gurion Airport, he said that he found Israelis are extremely talkative, they want to know what you are doing and they are very interested in America and generally supportive of the US military.

On the subject of how the ups and downs between the Israel-US political leadership, and in this case the tense relations between the Netanyahu and Biden administrations, have impacted military relations, the AFCENT commander responded with some insight into how militaries work with each other.

"Political relationships between nations do go up and down, between the US and all of our friends and partners, in this region and in other regions. They'll go up and down, as nations' interests clash with each other or as they have different perspectives on issues of policy."

Yet, "At the military level, what our overall objective is, and this is irrespective of the region of the world, the military-to-military remains relatively steady."

The general explained that although policy guidance could come down "which constrains things that we do, typically even our policymakers keep that isolated across the board, so they allow strong military-to-military relationships to continue."

"They know that that relationship is foundational to long-term success. So we end up having a longer view on the military side of things."

Additionally, liaison teams carry out a lot of exchanges for intelligence purposes and that battle rhythm has endured over the years. It was the same back in 2010-2012. It certainly goes at a faster pace sometimes or at a slower pace at other times.

He cited common values and experiences between the countries as keeping the military relationship solid, even when there may be friction at the political level. The military connection, Grynkewich said, "is driven by other things in the operational environment, threats that we see, rather than any type of political guidance."

"And that relationship is not just me with Tomer Bar. It is repeated up and down the chain of command, including top commanders above and wing commanders below."


The JCPOA remains the best available option for ensuring a … – Department of Political and Peacebuilding Affairs

UNDER-SECRETARY-GENERAL ROSEMARY A. DICARLO'S

REMARKS TO THE SECURITY COUNCIL ON

NON-PROLIFERATION

(IMPLEMENTATION OF RESOLUTION 2231 (2015))

New York, 6 July 2023

Thank you, Madam President, for the opportunity to brief the Council on the Joint Comprehensive Plan of Action (JCPOA) and the implementation of resolution 2231 (2015).

The conclusion of the Plan and its endorsement by the Council eight years ago were the result of intensive negotiations to achieve the common objectives of nuclear non-proliferation and regional security, in a manner that delivers tangible economic benefits for the Iranian people.

When I last briefed the Council on this issue in December 2022, all participants to the Plan and the United States had reaffirmed that a return to the full and effective implementation of the Plan was the only viable option to resolve the Iranian nuclear issue. Six months later, negotiations to restore the Plan remain stalled.

Diplomacy is the only way to effectively address the Iranian nuclear issue. It is essential that all parties renew the dialogue as quickly as possible and reach an agreement on the outstanding issues.

In this context, I reiterate the Secretary-General's appeal to the United States to lift or waive its sanctions as outlined in the Plan and to extend waivers with regard to the trade in oil with the Islamic Republic of Iran.

And I echo his call on Iran to reverse the steps it has taken that are not consistent with its nuclear related commitments under the Plan. It is also important for Iran to address concerns raised by participants in the Plan and by other Member States in relation to annex B of resolution 2231 (2015).

In a welcome development, in March of this year, the International Atomic Energy Agency (IAEA) and Iran issued a joint statement to expedite the resolution of outstanding safeguards issues and to allow the IAEA to implement further appropriate verification and monitoring and reporting activities.

In its report of May 2023, the IAEA reported that, in line with this joint statement, it had installed surveillance cameras at workshops where centrifuge parts are manufactured. The Agency added that it had no further questions regarding the presence of high enriched uranium detected at one location.

This encouraging step notwithstanding, we are alarmed that the Agency remains unable to verify the stockpile of enriched uranium in the country.

It estimates that Iran now has a total enriched uranium stockpile of more than twenty times the allowable amount under the (JCPOA). This includes increased quantities of uranium enriched to 20% and 60%. Such a stockpile of enriched uranium is of serious concern.

Madam President,

I will now turn to the restrictive measures set out in annex B, as outlined in the Secretary-General's fifteenth report on resolution 2231 (S/2023/473).

First, on the nuclear-related provisions, no new proposals were submitted to the procurement channel in the last six months.

The Council, however, received ten notifications, submitted pursuant to paragraph 2 of annex B, for certain nuclear-related activities consistent with the Plan.

The renewal by the United States of waivers with respect to certain nuclear non-proliferation projects foreseen in the Plan and the nuclear-related provisions in annex B to resolution 2231 for another 180-day period was an important step.

Second, regarding the ballistic missile-related provisions, France, Germany, Iran, Israel, the Russian Federation and the United Kingdom provided information to the Secretary-General and the Council concerning a test flight of a space launch vehicle conducted by Iran in March of this year.

We also received information from these same Member States about the testing and unveiling of two new ballistic missiles by Iran in May and June, respectively.

The letters received from Member States continue to reflect the divergent views as to whether this launch and missile developments are inconsistent with the resolution.

Third, we examined information related to paragraph 4 of annex B.

This paragraph pertains to the supply, sale or transfer to or from Iran of all items, materials, equipment, goods and technology as set out in Council document S/2015/546 which require prior approval of the Council. It includes the list of complete delivery systems and subsystems, as well as the associated components and equipment, including ballistic missiles, cruise missiles and other Unmanned Aerial Vehicle (UAV) systems with a range of 300 km or more.

In the reporting period, we received information from the United Kingdom about ballistic missile parts seized by the British Royal Navy in February 2023, in international waters in the Gulf of Iran.

The United Kingdom shared imagery of the seized components and its analysis that the components were of Iranian origin and transferred in a manner inconsistent with resolution 2231.

The Permanent Representatives of France, Germany and the United Kingdom conveyed their view that some of the seized components are controlled items listed in the Document S/2015/546 and that their transfer without prior approval of the Council was therefore inconsistent with the resolution.

In their responses, Iran and the Russian Federation stated that there was no evidence linking the intercepted vessel and its cargo to Iran, and no clear indication that the seized components were of Iranian origin. We continue to analyze the available information.

We also received letters from Ukraine, France, Germany and the United Kingdom concerning alleged transfers of unmanned aerial vehicles from Iran to the Russian Federation, in a manner inconsistent with paragraph 4 of annex B.

The United Kingdom and Ukraine also provided photographs and their analyses of the UAVs recovered in Ukraine. The two countries assessed the devices to be of Iranian types Shahed-131, Shahed-136 and Mohajer-6, and that they had been transferred by the Islamic Republic of Iran in a manner inconsistent with resolution 2231.

Their assessment was based on comparison with debris of other UAV attacks in the Middle East and with imagery of Iranian UAVs available via open sources.

France, Germany, Ukraine, the United Kingdom and the United States also reiterated their request for the Secretariat to examine the debris of these UAVs in Kyiv or any other suitable location in letters to the Secretary-General and President of the Security Council and in statements to the Council and media.

The Permanent Representatives of Iran and the Russian Federation disputed the imagery and evidence provided by the United Kingdom and Ukraine of the UAVs, as well as the claim by France, Germany, Ukraine and the United Kingdom that Iran had transferred UAVs to the Russian Federation in a manner inconsistent with resolution 2231, noting that the accusations were not substantiated by evidence.

The Secretariat continues to examine the available information.

The Secretariat also received an invitation from the Government of Yemen to examine the debris of a cruise missile used in an attack by the Houthis on the Al-Dhaaba oil terminal last November. The Secretariat is still analyzing the available information.

Finally, the Secretariat did not receive any official information alleging actions inconsistent with the assets freeze provisions of the resolution.

Madam President,

Eight years since the conclusion of the Joint Comprehensive Plan of Action and its endorsement by the Council, we remain convinced that the plan is the best available option for ensuring the exclusively peaceful nature of Iran's nuclear programme, as well as for allowing Iran to reach its full economic potential.

In closing, I would like to thank Her Excellency, Ms. Vanessa Frazier for her leadership as Facilitator for resolution 2231, as well as the Coordinator of the Procurement Working Group of the Joint Commission for our continued cooperation.

Thank you, Madam President.


Iran’s protesters are in retreat, but for how long? – Financial Times
